Description
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPtouch Arbitrary File Upload (3.4.6)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Request Forgery (1.7.8)
WordPress Plugin WordPress Automatic Security Bypass (3.53.2)
Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53933)
Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635)